Chromium Code Reviews

Issue 1126783003: Handle the case when derived constructor is [[Call]]ed with 0 args. (Closed)

Created: 5 years, 7 months ago by Dmitry Lomov (no reviews)
Modified: 5 years, 7 months ago
CC: v8-dev
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Target Ref: refs/pending/heads/master
Project: v8
Visibility: Public.

Description

Handle the case when derived constructor is [[Call]]ed with 0 args.

ArgumentsAdaptorStub for derived constructor (the one that needs new.target) works in this way:
- If the constructor is invoked via the Construct stub, we know that actual arguments always include new.target. ``arguments`` object however should not include a new.target, therefore we remove it. We achieve this by decrementing the argument count.
- If the constructor is invoked as a call, we do not care for a correct ``arguments`` array since the constructor will immediately throw on entrance.

The bug is that the call could actually pass 0 actual arguments, but I decrement unconditionally :(. The fix is to detect this case and avoid decrementing. ``arguments`` is bogus, but it is ok as constructor throws.

Long-term we should just remove mucking about with arguments for new.target and just get it from the stack.

R=arv@chromium.org,rossberg@chromium.org
BUG=chromium:474783
LOG=Y

Committed: https://crrev.com/cf53fed972896bf23c037ce7ac9f8e1512463c62
Cr-Commit-Position: refs/heads/master@{#28242}
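The two invocation paths the description distinguishes, written as an added regression-style check; it is not the contents of test/mjsunit/es6/regress/regress-474783.js and not code from this change. Every [[Call]] of a derived constructor, including the 0-argument case, must throw a TypeError, and every [[Construct]] must see an ``arguments`` object that does not count new.target. The names Base, Derived, callPaths, makeArgs, checkCallPaths and checkConstructPaths are made up for illustration.

```javascript
class Base {
  constructor() { this.target = new.target; } // defined only under [[Construct]]
}
class Derived extends Base {
  constructor() {
    const seen = arguments.length; // actual arguments only, never new.target
    super();
    this.seen = seen;
  }
}

// Ways to reach [[Call]] on a constructor (illustrative helper table).
const callPaths = {
  direct: (f, args) => f(...args),
  call: (f, args) => f.call(undefined, ...args),
  apply: (f, args) => f.apply(undefined, args),
  reflectApply: (f, args) => Reflect.apply(f, undefined, args),
};
const makeArgs = (n) => Array.from({ length: n }, (_, i) => i);

// Every [[Call]] with 0..maxArgs arguments must throw a TypeError.
function checkCallPaths(ctor, maxArgs = 3) {
  const failures = [];
  for (const [name, invoke] of Object.entries(callPaths)) {
    for (let n = 0; n <= maxArgs; n++) {
      try {
        invoke(ctor, makeArgs(n));
        failures.push(`${name}/${n}: returned instead of throwing`);
      } catch (e) {
        if (!(e instanceof TypeError)) failures.push(`${name}/${n}: ${e}`);
      }
    }
  }
  return failures;
}

// Every [[Construct]] must report arguments.length equal to the actual count.
function checkConstructPaths(ctor, maxArgs = 3) {
  const failures = [];
  for (let n = 0; n <= maxArgs; n++) {
    for (const obj of [new ctor(...makeArgs(n)), Reflect.construct(ctor, makeArgs(n))]) {
      if (obj.seen !== n) failures.push(`construct/${n}: arguments.length=${obj.seen}`);
      if (obj.target !== ctor) failures.push(`construct/${n}: wrong new.target`);
    }
  }
  return failures;
}

console.log(checkCallPaths(Derived), checkConstructPaths(Derived));
```

Both lists come back empty on an engine that handles the two paths correctly; any entry names the invocation path and argument count that misbehaved.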

Patch Set 1 #

Stats (+52 lines, -0 lines)
M src/arm/code-stubs-arm.cc 1 chunk +4 lines, -0 lines 0 comments
M src/arm64/code-stubs-arm64.cc 1 chunk +4 lines, -0 lines 0 comments
M src/ia32/code-stubs-ia32.cc 1 chunk +7 lines, -0 lines 0 comments
M src/mips/code-stubs-mips.cc 1 chunk +3 lines, -0 lines 0 comments
M src/mips64/code-stubs-mips64.cc 1 chunk +3 lines, -0 lines 0 comments
M src/x64/code-stubs-x64.cc 1 chunk +7 lines, -0 lines 0 comments
A test/mjsunit/es6/regress/regress-474783.js 1 chunk +24 lines, -0 lines 0 comments

Messages

Total messages: 10 (3 generated)
Dmitry Lomov (no reviews)
PTAL
5 years, 7 months ago (2015-05-05 17:10:42 UTC) #1
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1126783003/1
5 years, 7 months ago (2015-05-05 17:11:21 UTC) #3
arv (Not doing code reviews)
LGTM
5 years, 7 months ago (2015-05-05 17:53:56 UTC) #4
commit-bot: I haz the power
Dry run: This issue passed the CQ dry run.
5 years, 7 months ago (2015-05-05 18:06:05 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1126783003/1
5 years, 7 months ago (2015-05-05 19:55:21 UTC) #8
commit-bot: I haz the power
Committed patchset #1 (id:1)
5 years, 7 months ago (2015-05-05 19:57:03 UTC) #9
commit-bot: I haz the power
5 years, 7 months ago (2015-05-05 19:57:16 UTC) #10
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/cf53fed972896bf23c037ce7ac9f8e1512463c62
Cr-Commit-Position: refs/heads/master@{#28242}
